runs-on: ubuntu-latest

    steps:
      - name: Checkout code
        uses: actions/checkout@v5
        with:
          fetch-depth: 0
      - name: Check used wrapper
        run: |
          set -eu
          for commit in $(git rev-list ${{ github.event.pull_request.base.sha }}..${{ github.event.pull_request.head.sha }}); do
              git checkout $commit --quiet --detach

      - name: Checkout repository for nightly (skipped for releases)
        if: ${{ github.event_name == 'schedule' }}
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        with:
          ref: 'nightly'
      - name: Checkout repository
        if: ${{ github.event_name == 'push' }}
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

# SHA256 checksums of snapshot zip files in this directory.
# These checksums are included in the FIPS security policy
# (validation instructions sent to the lab) and MUST NOT CHANGE.
# That is, the zip files themselves must not change.
#
# It is okay to add new zip files to the list, and it is okay to
# remove zip files from the list when they are removed from
# this directory. To update this file:
#
#	go test cmd/go/internal/fips140 -update
#

      - name: Checkout repository for nightly (skipped for releases)
        if: ${{ github.event_name == 'schedule' }}
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        with:
          ref: 'nightly'
      - name: Checkout repository for releases (skipped for nightly)
        if: ${{ github.event_name == 'push' }}

        restore-keys: |
          ${{ runner.os }}-maven-
    - name: Checkout fess-parent
      uses: actions/checkout@v4
      with:
        repository: codelibs/fess-parent
        ref: ${{ env.PARENT_BRANCH }}
        path: fess-parent
    - name: Install fess-parent
      run: |
        cd fess-parent
        mvn install -Dgpg.skip=true
    - name: Build with Maven

        restore-keys: |
          ${{ runner.os }}-maven-
    - name: Checkout fess-parent
      uses: actions/checkout@v4
      with:
        repository: codelibs/fess-parent
        ref: ${{ env.PARENT_BRANCH }}
        path: fess-parent
    - name: Install fess-parent
      run: |
        cd fess-parent
        mvn install -Dgpg.skip=true
    - name: Download Plugins with Maven

The file x.txt (for example, inprocess.txt, certified.txt)
defines the meaning of the FIPS version alias x, listing
the exact version to use.

The zip files are created by cmd/go/internal/fips140/mkzip.go.
The fips140.sum file lists checksums for the zip files.

name: 'Dependency Review'
on: [pull_request]

permissions:
  contents: read

jobs:
  dependency-review:
    runs-on: ubuntu-latest
    steps:
      - name: 'Checkout Repository'
        uses: actions/checkout@v4
      - name: 'Dependency Review'

    steps:
    - name: Checkout repository
      uses: actions/checkout@v2
      with:
        # We must fetch at least the immediate parents so that if this is
        # a pull request then we can checkout the head.
        fetch-depth: 2

    # If this run was triggered by a pull request event, then checkout
    # the head of the pull request instead of the merge commit.

        restore-keys: |
          ${{ runner.os }}-maven-
    - name: Checkout fess-parent
      uses: actions/checkout@v4
      with:
        repository: codelibs/fess-parent
        ref: ${{ env.PARENT_BRANCH }}
        path: fess-parent
    - name: Install fess-parent
      run: |
        cd fess-parent
        mvn install -Dgpg.skip=true
    - name: Build with Maven